Documentation
¶
Overview ¶
Package extcipher bridges to an external, operator-supplied cipher program so the toolkit can decrypt and brute-force ciphers it does not (and should not) bundle itself — most importantly TETRA TEA1, whose only public implementations are licence-incompatible (AGPL) with this Apache-2.0 project and which must not be re-authored unverified inside a security-test tool.
The operator points the harness at a program (e.g. MidnightBlue's TEA1 tool or sq5bpf/teatime) that implements a tiny, shell-free line protocol:
<prog> [fixed args…] keystream <key_hex> <iv_hex> <n>
→ prints <keystream_hex> (n bytes) on stdout
<prog> [fixed args…] brute <iv_hex> <known_keystream_hex> <bits> <base_key_hex>
→ prints the recovered <key_hex> (or an empty line if none) on stdout
The `brute` verb keeps the heavy 2^32-style key search in the native external cipher; the toolkit orchestrates it, verifies the result, and decrypts the corpus with `keystream`. The program is invoked with exec (no shell), and key/IV values are passed as separate argv entries, so the cipher values cannot inject a command. This capability is CLI-only by design — the web console refuses recipes that shell out (see the webserver).
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
// KeystreamTimeout / BruteTimeout bound each call.
KeystreamTimeout time.Duration
BruteTimeout time.Duration
// contains filtered or unexported fields
}
Client runs an external cipher program.
func New ¶
New parses a command spec ("prog --flag value") into a Client. The first field is the program; the rest are fixed leading arguments. It does not run a shell, so the spec must not rely on shell features.